Date: Sat, 19 Jun 1999 00:15:15 -0700 (PDT)
From: Allan Saddi <asaddi@philosophysw.com>
To: Frank Tobin <ftobin@bigfoot.com>
Cc: FreeBSD-security Mailing List <freebsd-security@FreeBSD.ORG>
Subject: Re: proposed secure-level 4 patch
Message-ID: <Pine.BSF.4.10.9906190006320.20141-200000@shell2.ba.best.com>
In-Reply-To: <Pine.BSF.4.10.9906190053050.60212-200000@srh0710.urh.uiuc.edu>

On Sat, 19 Jun 1999, Frank Tobin wrote:

> Okay, a good friend of mine Kris Wehner has written a patch to implement
> the proposed securelevel of 4, which would disallow the opening of
> secure ports (<1024) while in the securelevel of 4.

About the implementation of this feature... shouldn't the function
in_pcbbind() in netinet/in_pcb.c be modified instead? This will eliminate
having to check whether the protocol in question is IP. Also, it seems
like an ideal place for this patch since this is where the privilege
check is made for binding ports <1024.

I've included a similar patch which should accomplish the same thing. A
caveat though: I did not test this, nor did I even try to compile it. I
just created it to serve as a guide. It should be easy to whip it into
shape, if needs be...

-- 
Allan Saddi                          "The Earth is the cradle of mankind,
asaddi@philosophysw.com               but we cannot live in the cradle
http://www.philosophysw.com/asaddi/   forever." - K.E. Tsiolkovsky

Attachment: in_pcb.c.diff (TEXT/PLAIN, base64-encoded)
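
As an added illustration (not part of the message above or its attached patch), here is a userland C model of the reserved-port check that the message proposes extending in in_pcbbind(). The names model_bind_check, model_cred and MODEL_IPPORT_RESERVED are hypothetical, and skipping the check for port 0 is an assumption that the kernel check applies only when the caller requests a specific port.

```c
/* Userland model of the reserved-port bind check; not kernel code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>              /* htons, ntohs */

#define MODEL_IPPORT_RESERVED 1024  /* ports below this are "secure" ports */

/* Hypothetical stand-in for the caller's credentials (uid 0 = superuser). */
struct model_cred { unsigned uid; };

/*
 * Returns 0 if the bind may proceed, EACCES otherwise.
 * lport is in network byte order, as stored in sockaddr_in.sin_port, so it
 * must go through ntohs() before the comparison; on a little-endian host
 * the raw value of port 80 is 20480 and would slip past the limit.
 */
int model_bind_check(uint16_t lport, int securelevel,
                     const struct model_cred *cr)
{
    if (lport == 0)                 /* assumption: port 0 = kernel picks one */
        return 0;
    if (ntohs(lport) < MODEL_IPPORT_RESERVED) {
        /* Proposed rule: at securelevel >= 4 nobody may bind a reserved
         * port. It runs before the uid test so root is refused as well. */
        if (securelevel >= 4)
            return EACCES;
        /* Existing rule: only the superuser may bind below 1024. */
        if (cr->uid != 0)
            return EACCES;
    }
    return 0;
}

int main(void)
{
    struct model_cred root = { 0 }, user = { 1001 };

    printf("root, port 80,   level 3: %d\n",
           model_bind_check(htons(80), 3, &root));
    printf("root, port 80,   level 4: %d\n",
           model_bind_check(htons(80), 4, &root));
    printf("user, port 8080, level 4: %d\n",
           model_bind_check(htons(8080), 4, &user));
    return 0;
}
```

Because the check sits in the common bind path and keys only on the port number, the model needs no test for which protocol the socket uses, which is the simplification the message argues for.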